Your message dated Thu, 04 Dec 2008 09:06:38 +0200
with message-id <[EMAIL PROTECTED]>
has caused the report #507633,
regarding libgnutls26: GnuTLS does not know VeriSign any more
to be marked as having been forwarded to the upstream software
author(s)
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
507633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Andreas Metzler wrote:
> On 2008-12-03 Michael Kiefer <[EMAIL PROTECTED]> wrote:
>> Package: libgnutls26
>> Version: 2.4.2-3
>> Severity: important
>
>> Since I updated libgnutls26 from 2.4.2-1 to 2.4.2-3 kMyMoney2 does
>> not connect to my bank any more. When I run gnutls-cli --insecure
>> -p 443 hbci-pintan-rp.s-hbci.de -d 4711 --print-cert it says
>
>> - Peer's certificate issuer is unknown
>> - Peer's certificate is NOT trusted
> [...]
>
> FWIW adding or dropping
> http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/debian/patches/20_GNUTLS-SA-2008-3.patch?op=file&rev=0&sc=0
> indeed makes
>
> gnutls-cli -p 443 hbci-pintan-rp.s-hbci.de --x509cafile \
> /etc/ssl/certs/ca-certificates.crt
It seems to me that MD2 is missing from newer gnutls and this is the
reason why it fails. libgcrypt has the MD2 enumeration but not the
actual implementation and this tricked me into removing the included
md2. I will try to revert the old behavior of using an included version
of md2.
regards,
Nikos
--- End Message ---
